
Thread: Uncompiled WPA tables

  1. #1
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    20

    Uncompiled WPA tables

    If it is any proof that I have actually spent some time looking this information up, I know how people on this forum hate others for not using the search or doing research on their own.

    My previous work with pentesting my network with WPA involves capturing the 4-way handshake, then using aircrack-ng with my password in the list. I understand that coWPAtty and aircrack-ng are slow because of the needed 4096 iterations (?) resulting in 50-100 keys/second. I have also learned that if you use airolib-ng, specify the ESSID and a dictionary file, you can compile a table that makes it (aircrack-ng) go much faster.

    I've looked around for more extensive dictionary files, however the popular rainbow tables at Church of WiFi are all precompiled for specific ESSIDs. My ESSID is not one of them (nor would I ever make it). So in short, I am looking for tables that I can download, use airolib-ng to make my own with an ESSID, then run that with aircrack-ng.

    I am sure some of my phraseology is incorrect but I like to think I have a general understanding. If anything to show that I have indeed researched this a bit (and, yes, use the search function).
    thanks!
    Thanks but I know how to use search and google!
    -The early bird catches the worm, but the second mouse gets the cheese.

  2. #2
    Member
    Join Date
    Jul 2009
    Posts
    358


    Hi!

    You don't need tables, but word files. The "tables" are the name of the compiled structures; if you want to build your own (based on your ESSID), you can start with the dictionary file you used to crack your WPA.

    If you want more complete/efficient tables, of course, you'll need big word files. You can find some on this thread: http://forums.remote-exploit.org/pen...-wordlist.html

    Once you have the list, you can use Airolib or GenPMK (included with Cowpatty) to compile your own tables. Beware, such a computation requires a lot of work from your CPU (--> much time!) and also a lot of disk space, if your wordlists are pretty big.
    Have a look at Xploitz videos: http://forums.remote-exploit.org/tut...databases.html

    Note that if you are using BackTrack4, and if you have a (recent, > 8*** series) nVidia graphics card, you can use Pyrit to speed up the generation of the tables. Some videos were published about it, Google is your friend.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    20


    Thanks, I used airolib-ng to compile some of those large word files thanks to our man -=xploitz=-. On a Core 2 Quad desktop, I was getting around 500 keys/second using them directly. Once compiled into the tables, it was going a couple thousand/second.

    I do want to test if it takes longer to compile my own tables versus just brute forcing it with the normal password files. It seemed to take just about the same amount of time. However, the airolib-ng wpacrack --verify command took a very long time. Does it serve any purpose?

  4. #4
    Member
    Join Date
    Jul 2009
    Posts
    358


    Look at the airolib-ng webpage:
    --verify [all] - Verify a set of randomly chosen PMKs. If the option 'all' is given, all(!) PMKs in the database are verified and the incorrect ones are deleted.
    This is not mandatory, it's just some kind of check test to be sure that the tables were computed correctly. I think you can bypass it, as such miscomputations are unlikely to happen...

    If you want to compare the respective amounts of time required, I think that computing a table will take longer than just a bruteforce crack. But you can use these tables on any network which has the same SSID (same name), so you'll save much time when you want to crack such a network later (or your network with another passphrase).

    Have you tried with Pyrit? It requires a decent nVidia card, and the CUDA API, but I think it is included in BT4 PreFinal. You can have some performance comparison on the project page: pyrit - Project Hosting on Google Code

    Edit: you can also have a look at CowPatty, it has the same functionalities as Airolib but it might be faster, depends on your hardware. Give it a try.
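Added example, not part of any post above and not code from aircrack-ng or coWPAtty: the WPA-PSK key derivation the thread refers to (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt), showing why a compiled table only matches one ESSID and what a `--verify`-style recheck does. The function names, the word list and the second ESSID are constructed for illustration.

```python
import hashlib
import random

def pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 with the ESSID
    as salt, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def build_table(essid: str, words) -> dict:
    """Precompute passphrase -> PMK for ONE ESSID (hypothetical helper).
    Valid WPA passphrases are 8 to 63 characters; others are skipped."""
    return {w: pmk(w, essid) for w in words if 8 <= len(w) <= 63}

def verify_table(essid: str, table: dict, sample=None, rng=random) -> list:
    """Recompute stored PMKs and return the passphrases whose entry is wrong.
    sample=None rechecks every entry; an integer rechecks a random subset."""
    keys = list(table)
    if sample is not None:
        keys = rng.sample(keys, min(sample, len(keys)))
    return [w for w in keys if pmk(w, essid) != table[w]]

# Constructed sample word list; "short" is below the 8-character minimum.
WORDS = ["password", "short", "correct horse battery", "letmein123"]

if __name__ == "__main__":
    table = build_table("IEEE", WORDS)
    other = build_table("OtherNet", WORDS)  # constructed second ESSID
    for word in table:
        # Same passphrase, different salt: the stored keys never coincide.
        print(word, table[word].hex()[:16], other[word].hex()[:16])
    print("bad entries:", verify_table("IEEE", table))
```

Because the ESSID is the salt, every entry has to be recomputed from the word list for each new network name, which is the cost post #4 describes.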

  5. #5
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by snipper_cr
    If it is any proof that I have actually spent some time looking this information up, I know how people on this forum hate others for not using the search or doing research on their own.

    My previous work with pentesting my network with WPA involves capturing the 4-way handshake, then using aircrack-ng with my password in the list. I understand that coWPAtty and aircrack-ng are slow because of the needed 4096 iterations (?) resulting in 50-100 keys/second. I have also learned that if you use airolib-ng, specify the ESSID and a dictionary file, you can compile a table that makes it (aircrack-ng) go much faster.

    I've looked around for more extensive dictionary files, however the popular rainbow tables at Church of WiFi are all precompiled for specific ESSIDs. My ESSID is not one of them (nor would I ever make it). So in short, I am looking for tables that I can download, use airolib-ng to make my own with an ESSID, then run that with aircrack-ng.

    I am sure some of my phraseology is incorrect but I like to think I have a general understanding. If anything to show that I have indeed researched this a bit (and, yes, use the search function).
    thanks!
    You can get the wordlist used for the passwords on the Church's site. I'd link to them here, but streaker might hit me next con we're both at.
